Courion Integrates Compliance, Risk Mitigation Features in Identity/Access Manager

Courion Access Assurance Suite 8.0 reduces risk, cost of compliance management by combining identity and access management, sensitive data management, user activity monitoring

• 02/23/2010

Courion Corporation has released Access Assurance Suite solution version 8.0. As The solution combines comprehensive identity and access management (IAM) with sensitive data management, user activity monitoring, automated remediation, and advanced analytics to help enterprises manage access risk in their organizations.

Enterprises face several challenges in securing critical systems and data. One of the fundamental challenges of risk mitigation is ensuring that only the right people have the right access to the right resources and are doing the right things. This has focused primarily on managing access to key systems and applications. Organizations need a more comprehensive look at specific data as well as the activity of users on these key systems. This requires knowledge of where critical data resides, who has access to it, and how it’s being used throughout the corporate network and in the cloud. Enterprises also must be able to prove to auditors and regulatory bodies that they possess this knowledge, and have the processes and technology in place to address inconsistencies as they arise.

Version 8.0 helps enterprises integrate disparate islands of sensitive information from data loss prevention (DLP), security incident and event management (SIEM), and other sources so they can effectively manage and protect access to sensitive data, while putting individual user activity into context in order to take appropriate action. Automating the discovery, validation, remediation, and reporting of this data results in higher levels of compliance and security while engaging the business managers and lightening the load on IT staff.

With this release, Courion introduces Sensitive Data Manager and User Activity Manager, two new products that deliver vendor-agnostic integration with leading DLP and SIEM technologies and other user activity data sources. This enables organizations to map user access information against sensitive data requirements and user activity, providing a better, holistic view of user behavior and helping to improve compliance with a broader range of regulations. This process of effectively combining detective and preventive controls in one system significantly reduces costs, increases security management and improves data protection.

Through its ComplianceCourier access certification and compliance management solution, version 8.0 fills one of the greatest enterprise compliance needs by automating the identification, validation and remediation of access inconsistencies, without requiring an enterprise provisioning solution.

New Products and Features

New capabilities within the 8.0 release of the Courion Access Assurance Suite include:

• Sensitive Data Manager: Improves compliance through integration to leading data loss protection (DLP) solutions by identifying and certifying that access to sensitive data is in accordance with policy. When the DLP solution identifies sensitive data, Courion organizes, filters, and synthesizes this data, putting it in to the hands of business users to determine whether access is appropriate and, if needed, remediates by modifying or disabling access according to policy.

• User Activity Manager: Improves compliance with user activity requirements through integration with security incident and event management (SIEM) technologies and other sources. Organizations can view the resources users have accessed and how this compares to the access policy, as well as allowing business managers to identify that while access may be appropriate, the user activity may not. The ability to see who is using what applications is also beneficial in avoiding “over-provisioning” or paying user license fees or maintenance on systems and applications that users are not accessing regularly as part of their job.

• Automated Remediation: Addresses access policy violations during the Access Certification process by enabling notifications via e-mail or help-desk ticket, and can automatically modify, disable, or delete access as appropriate, without requiring an existing provisioning system.
• Advanced Compliance Worksheets: Gives business managers greater control for the creation, modification, and publication of compliance worksheets. Delivers the ability to change the views and sort and filter data to deliver the appropriate view for every audience, enabling business managers to take action on data as appropriate.

• Advanced Analytics Framework: Enhances the user experience through new analytic charting and trending capabilities that make it easy to track and ensure that user access is within policy. Delivers to security and audit staff the ability to synthesize data in order to assess, monitor and mitigate risk in their organization.

Courion delivers new functionality that enables IT managers and compliance officers to more easily engage with business managers. The new version provides advanced analytics capabilities and automated remediation for access violations. With the use of an advanced analytics framework, the system helps to define risk profiles, identify potential problems, and monitor risk exposure over time.

More information is available at www.courion.com.